[X2go-User] AD integration?
Jonathan Brown
jbssfl at gmail.com
Wed Jan 25 16:14:20 CET 2012
Hi Mike thanks for the helpful reply... Got this set up on a Kubuntu
proxmox kvm vm on our corp network w/centrify to ADjoin and x2go and indeed
it works very nicely and AD users can login without even specifying the
domain name.. which is kind of nice. Very pleased with the quality and
speed of x2go.. seems comparable to NX, much easier setup and sound
(haven't tested printer)... works out of the box... yeah it's nice to have
the AD groups on the ADclient... we have a group called unixadmins so a
simple %unixadmins addition to the sudoers file allows an AD user in that
group to sudo su -l to root with their AD pw on the box...
Cheers, Jon
On Wed, Jan 25, 2012 at 2:36 AM, Mike Gabriel <
mike.gabriel at das-netzwerkteam.de> wrote:
> Hi Jonathan,
>
>
> On Di 24 Jan 2012 18:07:29 CET Jonathan Brown wrote:
>
> Hello,
>>
>> I have been researching various options and it seems that x2go is
>> preferable as it is based on nx and is actively developed. I want to try
>> it out, however just had a quick question on AD integration. I understand
>> there is this ldap option for the client, however, what about just joining
>> the host server to a domain using likewise or centrify, and then once
>> confirmed that users can log in via console and ssh with AD, can we not
>> use
>> the x2go client to log in as AD user? Also would their be a designation
>> such as DOMAIN\ADusername ?
>>
>> Thanks!
>>
>
> Once you can log in to a Linux-AD-Client via SSH you can start using X2Go
> right away.
>
> Users that shall be allowed to use client-side folder sharing have to be
> in the ,,fuse'' group on the Linux machine. This fuse group normally is a
> local group (/etc/passwd), but it surely is possible to place that group
> into AD.
>
> I found it quite helpful to have the UNIX extensions activated in AD. So
> that special posix attributes like uidNumber and gidNumber get stored in
> LDAP and are recognized by the Linux-AD-Client. This allows you to have
> multiple Linux boxes on site that have the same user account base
> (usernames, uidNumbers, gidNumbers, all matching... which is not the case
> if you use standalone winbind/AD client implementations).
>
> Greets,
> Mike
>
>
>
>
> --
>
> DAS-NETZWERKTEAM
> mike gabriel, dorfstr. 27, 24245 barmissen
> fon: +49 (4302) 281418, fax: +49 (4302) 281419
>
> GnuPG Key ID 0xB588399B
> mail: mike.gabriel at das-netzwerkteam.**de<mike.gabriel at das-netzwerkteam.de>,
> http://das-netzwerkteam.de
>
> freeBusy:
> https://mail.das-netzwerkteam.**de/freebusy/m.gabriel%40das-**
> netzwerkteam.de.xfb<https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb>
>
> _______________________________________________
> X2go-User mailing list
> X2go-User at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-user
>
>
--
*"It is only when each individual has achieved inner peace that we will see
lasting outer peace in the world"
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20120125/6ff72381/attachment.html>
More information about the x2go-user
mailing list